About The Position

NetBox Labs is hiring a Director of Security & IT to lead and scale security across our products, platform, AI initiatives, and corporate environment. Reporting to the CTO, this is a technical leadership role that owns DevSecOps, Product Security, AI Security & Risk, and Corporate IT / GRC. You will define how we build secure software, operate secure infrastructure, adopt AI responsibly, and run a mature internal IT and compliance function. This is not a governance-only CISO role; it is a leadership role embedded alongside engineering that shapes long-term security direction.

Requirements

  • 10+ years in security, security engineering, or infrastructure/platform engineering roles.
  • Experience leading or building security programs in a high-growth B2B SaaS company.
  • Experience leading or mentoring security or infrastructure engineers.
  • Strong understanding of modern cloud and platform architectures and how security integrates into them.
  • Experience partnering closely with engineering teams to embed security into software development and infrastructure workflows.
  • Experience securing multi-tenant SaaS products and customer-facing platforms.
  • Experience operating within security and compliance frameworks such as SOC 2.
  • Ability to translate security risk into pragmatic engineering decisions and business tradeoffs.
  • Demonstrated hands-on use of modern AI tools internally or in product contexts, with a proactive and progressive approach to identifying and addressing emerging AI security risks.
  • Experience scaling security functions in a 50+ engineer organization.

Nice To Haves

  • Experience securing distributed agent-based or edge systems.
  • Experience with model vendor risk and data retention controls.
  • Familiarity with observability systems and telemetry pipelines.
  • Background in networking or infrastructure automation.
  • Experience scaling security functions in a 50+ engineer organization.

Responsibilities

  • Security Architecture & Platform Strategy
      • Define and continuously evolve security architecture across our multi-tenant SaaS platform, on-prem product, and distributed agent systems.
      • Establish security design principles for multi-tenant isolation, IAM, secrets management, and cloud boundaries.
      • Embed security into engineering workflows through strong partnership with Engineering Directors and Principal Engineers.
      • Own governance, risk, and compliance strategy, including SOC 2 maturity and audit readiness.
  • Own AI Security & Risk
      • Treat AI security as a first-class security domain and partner with our AI leaders to shape secure AI product strategy from inception.
      • Define guardrails for internal AI usage, including data access boundaries, vendor risk, model retention policies, and prompt leakage risks.
      • Anticipate how AI changes privilege models, data routing, and attack surface area.
      • Ensure AI adoption increases leverage without creating uncontrolled data exposure.
  • Lead DevSecOps & Security Engineering
      • Define how security is embedded into CI/CD pipelines, infrastructure-as-code, identity systems, secrets management, and software supply chain workflows in partnership with platform and product engineering teams.
      • Guide the design of logging, detection, and response capabilities across our cloud and developer environments.
      • Oversee penetration testing programs and ensure findings translate into durable engineering improvements.
      • Build and grow the DevSecOps capability over time, including hiring dedicated engineers to own security tooling and automation.
  • Lead Corporate IT & Governance, Risk & Compliance
      • Directly manage and coach the IT/InfoSec Manager and help mature the corporate IT, governance, risk, and compliance function.
      • Ensure endpoint security, vendor access, onboarding/offboarding, and internal systems meet strong security standards.
      • Align IT operations and compliance processes with engineering-driven security architecture.